FortiDDoS DDoS Attack Mitigation Guide - Fortinet
Attacks to test functionality and performance
Anomalous state floods
Protocols such as TCP are stateful and follow predefined state transition rules. Attacks generated by scripted bots violate many of these rules. Examples are ACK packets that arrive without connection establishment and packets that fall outside the TCP window.
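
The handshake rule described above can be checked with a small per-connection state tracker. This is an added example, not FortiDDoS logic or code from the guide; the function name, state labels and sample packets (documentation addresses) are constructed for illustration, and it covers handshake order only, not TCP window checks.

```python
# Added example: minimal TCP handshake-order check (assumed names, not FortiDDoS code).
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def find_state_anomalies(packets):
    """Return (index, reason) for packets that break handshake order.

    packets: (src, sport, dst, dport, flags) tuples in arrival order.
    Sequence/window validation and FIN teardown are left out for brevity.
    """
    conns = {}      # client-side 4-tuple -> SYN_SENT | SYN_RCVD | ESTABLISHED
    anomalies = []
    for i, (src, sport, dst, dport, flags) in enumerate(packets):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        key = fwd if fwd in conns else rev if rev in conns else None
        if flags & RST:
            if key is None:
                anomalies.append((i, "RST without connection"))
            else:
                del conns[key]                   # connection torn down
        elif flags & SYN and not flags & ACK:
            if key is None:
                conns[fwd] = "SYN_SENT"          # new connection attempt
        elif flags & SYN and flags & ACK:
            if key == rev and conns[key] == "SYN_SENT":
                conns[key] = "SYN_RCVD"          # server answered the SYN
            else:
                anomalies.append((i, "SYN-ACK without matching SYN"))
        elif flags & ACK:
            if key is None:
                anomalies.append((i, "ACK without connection establishment"))
            elif conns[key] == "SYN_SENT":
                anomalies.append((i, "ACK before SYN-ACK"))
            elif conns[key] == "SYN_RCVD" and key == fwd:
                conns[key] = "ESTABLISHED"       # client completed the handshake
    return anomalies

# Constructed sample traffic toward a protected server at 192.0.2.10:80.
SAMPLE = [
    ("198.51.100.7", 40000, "192.0.2.10", 80, SYN),        # 0: normal handshake
    ("192.0.2.10", 80, "198.51.100.7", 40000, SYN | ACK),  # 1
    ("198.51.100.7", 40000, "192.0.2.10", 80, ACK),        # 2
    ("198.51.100.7", 40000, "192.0.2.10", 80, ACK),        # 3: data on established flow
    ("203.0.113.5", 51000, "192.0.2.10", 80, ACK),         # 4: ACK with no handshake
    ("203.0.113.6", 51001, "192.0.2.10", 80, SYN),         # 5
    ("203.0.113.6", 51001, "192.0.2.10", 80, ACK),         # 6: ACK before SYN-ACK
]

if __name__ == "__main__":
    for index, reason in find_state_anomalies(SAMPLE):
        print(index, reason)
```
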
Limited sources versus large number of sources floods
Some DDoS attacks are launched from a very limited number of sources, while others are launched from a very large number of sources. It is easy to launch a spoofed attack with a seemingly large number of sources. To launch a non-spoofed attack from a large number of sources, the attacker needs control over a large botnet.
Layer 3, 4 or 7 DDoS attack
It is possible to launch DDoS attacks on different network layers. Over the Internet, one can launch Layer 3, 4 or 7 attacks.
Examples of Layer 3 attacks are protocol floods such as ICMP floods, TCP floods and fragment floods. These are created using a variation in the Layer 3 headers.
Examples of Layer 4 floods are port floods (TCP or UDP). In these attacks, a single port is continuously attacked. ICMP echo floods are also of this kind.
Examples of Layer 7 floods are URL floods. In this attack, a single URL is continuously attacked from multiple sources.
Random header parameter attack
It is easy to create DDoS attacks in which some specific header parameter varies continuously. Examples are TCP random flag flooding, IP option flooding and TCP option flooding.
Blended attack
It is easy to create DDoS attacks in which many attacks are combined to further confuse the destination. An example is simultaneous port floods on TCP and UDP.
Attacks to test functionality and performance
Spoofed SYN flood attack
This is a Layer 4 spoofed flood in which the attacker sends TCP SYN packets whose IP addresses are continuously changing.
28-100-167076-20120501
http://docs.fortinet.com/